SoylentNews

Several Privacy-Busting Bugs Found in Popular VPN Services

posted by cmn32480 on Friday March 16 2018, @04:23PM   
from the i-wanna-be-an-anonymous-coward dept.

"exec" writes:

Three popular VPN services have been found to leak private user information, which if exploited could be used to identify users.

The report, published Tuesday, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users.

But the research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location.

In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services.

http://www.zdnet.com/article/more-privacy-busting-bugs-found-in-popular-vpn-services/

-- submitted from IRC

---

Original Submission

• Useful Information -- With CVEs! (Score: 3, Informative) by NotSanguine on Saturday March 17 2018, @12:54AM

  by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Saturday March 17 2018, @12:54AM (#653886) Homepage Journal

  The report referenced by TFA [vpnmentor.com] includes details on the vulneabilities as well as CVE IDs (CVE-2018-7880, CVE-2018-7878, CVE-2018-7879 although MTIRE hasn't filled in any details yet).

  The issues appear to be implementation related problems (poorly written PAC [wikipedia.org] scripts), rather than vulnerabilities in software or hardware.

  --
  No, no, you're not thinking; you're just being logical. --Niels Bohr

  Starting Score:	1		point
  Moderation		+1
  Informative=1, Total=1
  Extra 'Informative' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3